Hi, I would like some pointer on how to accomplish the following task: We currently have few servers that have Internic registered IPs and they are visible to the web. We are trying to put these servers behind a cisco PIX firewall. The idea is to put a second ethernet card in each machine we want to move nehind the firewall, then broadcast the new address through the DNS and once all traffic stops from the original ethernet (eth0) we will get rid of the old numbers and only use the new numbers. The problem has been due to the network numbers and subnetteing, as well as the routing. Current configuration Route 1: ========= A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet Default gateway is A.B.7.1(router) What we want to do is --------------------- Route1 ======== A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet Route 2 ======== A.B.8.112 (network) -> eth1 -> A.B.8.113(pix firewall - inside) -> A.B.5.177(pix firewall - outside) -> A.B.5.177(router) -> internet def gateway is A.B.7.1(router) At this point we figured out how to work each route independantly so if the linux machine has either route (1 or 2) it works like a charm and each uses the mentioned router, these condigurations work. Route1 ======== A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet def gateway A.B.7.1(router) Route 2 ======== A.B.8.112 (network) -> eth1 -> A.B.8.113(pix firewall - inside) -> A.B.5.177(pix firewall - outside) -> A.B.5.177(router) -> internet def gateway A.B.8.113(pix firewall - inside) Is there a way to let traffic coming through eth1 (route2) to return back on the same ethernet device, and same for eth0?? it seems that the traffic comes in through eth1 and returns via eth0 so any request via eth1 does not retrun to the client, eth0 traffic is unaffected. BTW icmp works fine with the configuration above, bue everything else such as http, telnet does not make it. Any suggestions on how to move these IP behind the firewall without interrupting the service? Thanks in advance Adonis -- Adonis El Fakih - President, CEO -- EGS, Inc. 70 Boston Road, Suite A301, Chelmsford MA 01824 USA Fax (978) 244-0544 - adonis@egsx.com - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
